Small business likely to last only six months after a cybersecurity breach

Small accounting practices that suffer a cyber breach face the prospect of being out of business within six months, a cybersecurity expert warns. Matt Bushby, CEO of the Macquarie University Cyber Skills Academy, will speak about how small business and accounting practices can strengthen their defences against cyber breaches at the Institute of Public Accountants National Congress on 28 November.

by | 15 Nov, 2024

A person uses their mobile phone to authorise a log in on their laptop with two-factor authentication

If cybercrime were a global economy, it would rank third after the United States and China, generating an estimated £10 trillion (A$19.6 trillion) annually. Behind these attacks are sophisticated criminal enterprises, often operating from vast complexes in emerging markets where teams of hackers target vulnerabilities in corporate defences, Matt Bushby, CEO of the Macquarie University Cyber Skills Academy, cautions. 

“Where is all the sensitive data stored? It’s with the accountants,” Bushby says. “They’re at the forefront of cyber crime, yet many don’t have the major defences or understanding of how to protect against it.” 

Headshot of Matt Bushby
Matt Bushby, CEO, Macquarie University Cyber Skills Academy

Their methods are increasingly sophisticated, with cyber criminals often lurking undetected within compromised systems for months, monitoring activities and gathering intelligence before launching an attack.

They compile detailed profiles of potential victims, piecing together information from various data breaches such as passport and tax file numbers to build comprehensive dossiers for future attacks. 

For accountants, the vulnerabilities extend into people’s homes for staff who work remotely. “Most attacks are happening in people’s homes,” Bushby says. “You might have excellent defences in your office environment through secure Wi-Fi, but with staff working remotely, that’s where the greatest risk lies.” 

Accountants nonchalant about cybersecurity 

The profession’s response to these threats has been mixed. Many practitioners remain nonchalant, relying on basic security measures provided by accounting software platforms. “We’ve heard horror stories of Xero or MYOB passwords being found inside Excel spreadsheets or in somebody’s notes on their computer,” he says. “These are the weak links that businesses haven’t thought through.” 

Bushby says many cyber breaches are staff-related, highlighting the need for greater organisational security awareness. Simple password management and avoiding suspicious emails are no longer sufficient defences. Modern cybersecurity demands a trifecta of education, technology and robust governance frameworks. 

“We teach people how to write accounts, we teach people how to cross the road safely, but we don’t do a good enough job teaching people how to be safe online,” Bushby says.  

Beyond immediate financial losses, the reputational damage can undermine the viability of a practice, with clients quickly losing trust and looking elsewhere for an accountant.  

Multi-pronged approach to tackle cyber crime 

The solution requires a multi-faceted approach, according to Bushby. Firms need multi-factor authentication, regular security audits, comprehensive staff training programs and a culture of cybersecurity awareness. 

“It’s not just about clicking on the incorrect email link,” Bushby says. “It’s about the sharing of data that you email out, conversations inside the office, laptop and physical security of your office environment. It’s about understanding the early signs of where a data breach might happen.” 

When breaches do occur, responding with speed and expertise are crucial. Firms can’t simply “pull the plug from the wall” and hope for the best. Professional incident response support is essential, with small practices balancing security investments against operational costs. “We put passwords on the door to lock the office, but we don’t take the same approach with our online safety,” Bushby says.  


More information on the IPA National Congress on 27-29 November, 2024 is available HERE

Share This